{"id":16448,"date":"2025-10-11T18:16:06","date_gmt":"2025-10-11T10:16:06","guid":{"rendered":"https:\/\/www.quape.com\/?p=16448"},"modified":"2025-10-11T18:16:06","modified_gmt":"2025-10-11T10:16:06","slug":"wordpress-service-finder-vulnerability-cve-2025-5947","status":"publish","type":"post","link":"https:\/\/www.quape.com\/vi\/wordpress-service-finder-vulnerability-cve-2025-5947\/","title":{"rendered":"WordPress Service Finder Vulnerability CVE-2025-5947"},"content":{"rendered":"<div id=\"bsf_rt_marker\"><\/div><p data-start=\"272\" data-end=\"575\">A critical security vulnerability, <strong data-start=\"307\" data-end=\"324\">CVE-2025-5947<\/strong>, has been discovered in the <strong data-start=\"353\" data-end=\"380\">Service Finder Bookings<\/strong> plugin, which is bundled with the popular WordPress theme <em data-start=\"439\" data-end=\"455\">Service Finder<\/em>. This flaw allows unauthenticated attackers to log in as any user, including administrators, without valid credentials.<\/p>\n<p data-start=\"577\" data-end=\"782\">The vulnerability has a <strong data-start=\"601\" data-end=\"622\">CVSS score of 9.8<\/strong> and has been actively exploited in the wild. 
Websites using this plugin must take immediate action to secure their environments and prevent unauthorized access.<\/p>\n<h3 data-start=\"789\" data-end=\"862\"><span class=\"ez-toc-section\" id=\"Understanding_the_CVE-2025-5947\"><\/span><strong>Understanding CVE-2025-5947<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p data-start=\"864\" data-end=\"1231\">The <strong data-start=\"868\" data-end=\"924\">WordPress Service Finder vulnerability CVE-2025-5947<\/strong> affects all versions of the <em data-start=\"953\" data-end=\"978\">Service Finder Bookings<\/em> plugin up to and including <strong data-start=\"992\" data-end=\"1007\">version 6.0<\/strong>. The flaw stems from improper validation of the user cookie in the plugin's account-switching function. Attackers can manipulate the cookie value to impersonate any user, gaining full administrative privileges without authentication.<\/p>\n<p data-start=\"1233\" data-end=\"1578\">According to the <a class=\"decorated-link\" href=\"https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/wordpress-plugins\/sf-booking\/service-finder-bookings-60-authentication-bypass-via-user-switch-cookie?utm_source=quape.com\" target=\"_new\" rel=\"noopener\" data-start=\"1250\" data-end=\"1441\">Wordfence Vulnerability Database<\/a>, over <strong data-start=\"1448\" data-end=\"1475\">13,800 exploit attempts<\/strong> have been detected since early August 2025, targeting WordPress sites that have not applied the patch.<\/p>\n<p data-start=\"1580\" data-end=\"1738\">The plugin developer released a fixed version (<strong data-start=\"1627\" data-end=\"1634\">6.1<\/strong>) on <strong data-start=\"1639\" data-end=\"1656\">July 17, 2025<\/strong>, which fully resolves the vulnerability. All earlier versions remain vulnerable.<\/p>\n<h3 data-start=\"1745\" data-end=\"1769\"><span class=\"ez-toc-section\" id=\"How_the_Exploit_Works\"><\/span><strong>How the Exploit Works<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p data-start=\"1771\" data-end=\"2066\">The plugin includes an account-switching feature that uses a cookie to temporarily switch between user accounts. Because validation is missing, attackers can craft a malicious cookie that mimics a valid session. 
This lets them access the admin dashboard without providing valid login credentials.<\/p>\n<p data-start=\"2068\" data-end=\"2100\">Common attack actions include:<\/p>\n<ol data-start=\"2101\" data-end=\"2363\">\n<li data-start=\"2101\" data-end=\"2147\">\n<p data-start=\"2103\" data-end=\"2147\">Uploading malicious PHP files or webshells<\/p>\n<\/li>\n<li data-start=\"2148\" data-end=\"2186\">\n<p data-start=\"2150\" data-end=\"2186\">Installing malicious plugins or themes<\/p>\n<\/li>\n<li data-start=\"2187\" data-end=\"2245\">\n<p data-start=\"2189\" data-end=\"2245\">Redirecting users to phishing or malware-hosting sites<\/p>\n<\/li>\n<li data-start=\"2246\" data-end=\"2307\">\n<p data-start=\"2248\" data-end=\"2307\">Creating new administrator accounts for persistent access<\/p>\n<\/li>\n<li data-start=\"2308\" data-end=\"2363\">\n<p data-start=\"2310\" data-end=\"2363\">Stealing sensitive data or customer information<\/p>\n<\/li>\n<\/ol>\n<p data-start=\"2365\" data-end=\"2493\">This vulnerability is especially dangerous because it bypasses authentication entirely, leaving very few traces in standard login logs.<\/p>\n<h3 data-start=\"2500\" data-end=\"2520\"><span class=\"ez-toc-section\" id=\"Affected_Versions\"><\/span><strong>Affected Versions<\/strong><span 
class=\"ez-toc-section-end\"><\/span><\/h3>\n<ul data-start=\"2522\" data-end=\"2631\">\n<li data-start=\"2522\" data-end=\"2592\">\n<p data-start=\"2524\" data-end=\"2592\"><strong data-start=\"2524\" data-end=\"2539\">Vulnerable:<\/strong> Service Finder Bookings version <strong data-start=\"2573\" data-end=\"2590\">6.0 and below<\/strong><\/p>\n<\/li>\n<li data-start=\"2593\" data-end=\"2631\">\n<p data-start=\"2595\" data-end=\"2631\"><strong data-start=\"2595\" data-end=\"2605\">Fixed:<\/strong> Version <strong data-start=\"2614\" data-end=\"2631\">6.1 and above<\/strong><\/p>\n<\/li>\n<\/ul>\n<p data-start=\"2633\" data-end=\"2740\">Sites running older versions should update immediately or disable the plugin until the patch is applied.<\/p>\n<h3 data-start=\"2747\" data-end=\"2788\"><span class=\"ez-toc-section\" id=\"Recommended_Actions_for_Website_Owners\"><\/span><strong>Recommended Actions for Website Owners<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p data-start=\"2790\" data-end=\"2900\">Website owners running the Service Finder theme should take the following steps to mitigate <strong data-start=\"2882\" data-end=\"2899\">CVE-2025-5947<\/strong>:<\/p>\n<ol data-start=\"2902\" data-end=\"3416\">\n<li data-start=\"2902\" data-end=\"2958\">\n<p data-start=\"2905\" data-end=\"2958\"><strong data-start=\"2905\" data-end=\"2915\">Update<\/strong> to version <strong data-start=\"2927\" data-end=\"2944\">6.1 or later<\/strong> immediately<\/p>\n<\/li>\n<li data-start=\"2959\" 
data-end=\"3030\">\n<p data-start=\"2962\" data-end=\"3030\"><strong data-start=\"2962\" data-end=\"2999\">Review all administrator accounts<\/strong> and remove any unknown users<\/p>\n<\/li>\n<li data-start=\"3031\" data-end=\"3097\">\n<p data-start=\"3034\" data-end=\"3097\"><strong data-start=\"3034\" data-end=\"3064\">Change all administrator passwords<\/strong> and invalidate active sessions<\/p>\n<\/li>\n<li data-start=\"3098\" data-end=\"3174\">\n<p data-start=\"3101\" data-end=\"3174\"><strong data-start=\"3101\" data-end=\"3134\">Scan for suspicious PHP files<\/strong>, especially in <code data-start=\"3150\" data-end=\"3172\">\/wp-content\/uploads\/<\/code><\/p>\n<\/li>\n<li data-start=\"3175\" data-end=\"3248\">\n<p data-start=\"3178\" data-end=\"3248\"><strong data-start=\"3178\" data-end=\"3203\">Use a malware scanner<\/strong> such as Sucuri or MalCare to detect backdoors<\/p>\n<\/li>\n<li data-start=\"3249\" data-end=\"3329\">\n<p data-start=\"3252\" data-end=\"3329\"><strong data-start=\"3252\" data-end=\"3295\">Enable a Web Application Firewall (WAF)<\/strong> to block further exploitation<\/p>\n<\/li>\n<li data-start=\"3330\" data-end=\"3416\">\n<p data-start=\"3333\" data-end=\"3416\"><strong data-start=\"3333\" data-end=\"3356\">Monitor access logs<\/strong> for unusual login activity, especially from unknown IPs<\/p>\n<\/li>\n<\/ol>\n<p 
data-start=\"3418\" data-end=\"3512\">If any compromise is detected, restore the site from a clean backup and reset all credentials.<\/p>\n<h3 data-start=\"3519\" data-end=\"3558\"><span class=\"ez-toc-section\" id=\"Signs_Your_Site_Might_Be_Compromised\"><\/span><strong>Signs Your Site Might Be Compromised<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p data-start=\"3560\" data-end=\"3589\">Potential indicators include:<\/p>\n<ul data-start=\"3590\" data-end=\"3818\">\n<li data-start=\"3590\" data-end=\"3651\">\n<p data-start=\"3592\" data-end=\"3651\">Unknown administrator accounts appearing in the user list<\/p>\n<\/li>\n<li data-start=\"3652\" data-end=\"3705\">\n<p data-start=\"3654\" data-end=\"3705\">Unauthorized redirects or changes to site content<\/p>\n<\/li>\n<li data-start=\"3706\" data-end=\"3760\">\n<p data-start=\"3708\" data-end=\"3760\">New PHP files added to theme or upload directories<\/p>\n<\/li>\n<li data-start=\"3761\" data-end=\"3818\">\n<p data-start=\"3763\" data-end=\"3818\">Sudden performance issues or unusual network activity<\/p>\n<\/li>\n<\/ul>\n<p data-start=\"3820\" data-end=\"3885\">Early detection can prevent widespread damage or a data breach.<\/p>\n<h3 data-start=\"3892\" data-end=\"3925\"><span class=\"ez-toc-section\" 
id=\"Why_This_Vulnerability_Matters\"><\/span><strong>Why This Vulnerability Matters<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p data-start=\"3927\" data-end=\"4243\">The Service Finder theme is widely used by <strong data-start=\"3970\" data-end=\"4031\">small businesses, booking companies and service providers<\/strong> worldwide. Its popularity makes it a prime target for attackers looking to compromise WordPress sites at scale. A successful exploit can lead to <strong data-start=\"4178\" data-end=\"4242\">stolen data, service disruption and damage to brand reputation<\/strong>.<\/p>\n<p data-start=\"4245\" data-end=\"4433\">Maintaining WordPress security requires <strong data-start=\"4285\" data-end=\"4372\">regular updates, proactive vulnerability monitoring and automated patch management<\/strong>, especially for businesses that rely on their online presence.<\/p>\n<h3 data-start=\"4440\" data-end=\"4529\"><span class=\"ez-toc-section\" id=\"Managed_WordPress_Hosting_by_QUAPE\"><\/span><strong>Managed WordPress Hosting by <a class=\"decorated-link\" href=\"https:\/\/www.quape.com\/vi\/hosting\/wordpress-hosting\/\" target=\"_new\" 
rel=\"noopener\" data-start=\"4472\" data-end=\"4529\">QUAPE<\/a><\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p data-start=\"4531\" data-end=\"4816\">At <strong data-start=\"4534\" data-end=\"4595\"><a class=\"decorated-link\" href=\"https:\/\/www.quape.com\/vi\/hosting\/wordpress-hosting\/\" target=\"_new\" rel=\"noopener\" data-start=\"4536\" data-end=\"4593\">QUAPE<\/a><\/strong>, we provide <strong data-start=\"4608\" data-end=\"4637\">Managed WordPress Hosting<\/strong> that secures and optimizes your website. Our team monitors vulnerabilities such as <strong data-start=\"4715\" data-end=\"4732\">CVE-2025-5947<\/strong>, applies patches proactively and ensures your site stays protected and up to date.<\/p>\n<p data-start=\"4818\" data-end=\"4857\">Our managed WordPress services include:<\/p>\n<ul data-start=\"4858\" data-end=\"5148\">\n<li data-start=\"4858\" data-end=\"4919\">\n<p data-start=\"4860\" data-end=\"4919\">Automatic updates for WordPress core, themes and plugins<\/p>\n<\/li>\n<li data-start=\"4920\" data-end=\"4967\">\n<p data-start=\"4922\" data-end=\"4967\">Real-time malware protection and monitoring<\/p>\n<\/li>\n<li data-start=\"4968\" data-end=\"5014\">\n<p data-start=\"4970\" data-end=\"5014\">Daily backups and fast restore support<\/p>\n<\/li>\n<li data-start=\"5015\" data-end=\"5068\">\n<p data-start=\"5017\" data-end=\"5068\">Web application firewall and intrusion prevention<\/p>\n<\/li>\n<li data-start=\"5069\" data-end=\"5119\">\n<p data-start=\"5071\" data-end=\"5119\">Performance optimization and uptime monitoring<\/p>\n<\/li>\n<li data-start=\"5120\" data-end=\"5148\">\n<p data-start=\"5122\" data-end=\"5148\">Dedicated expert support<\/p>\n<\/li>\n<\/ul>\n<p data-start=\"5150\" data-end=\"5359\">Partnering with <strong data-start=\"5166\" data-end=\"5175\">QUAPE<\/strong> ensures your WordPress site stays safe from critical threats while maintaining optimal performance. Learn more at <a class=\"decorated-link\" href=\"https:\/\/www.quape.com\/vi\/hosting\/wordpress-hosting\/\" target=\"_new\" rel=\"noopener\" data-start=\"5297\" data-end=\"5358\">quape.com<\/a>.<\/p>","protected":false},"excerpt":{"rendered":"<p>A critical security vulnerability, CVE-2025-5947, has been discovered in the Service Finder Bookings plugin, which is bundled with the popular WordPress theme Service Finder. This flaw allows unauthenticated attackers to log in as any user, including administrators, without valid credentials. 
The vulnerability has a CVSS score of 9.8 and has been actively exploited in the [&hellip;]<\/p>\n","protected":false},"author":4,"featured_media":16460,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[93,9,10],"tags":[426,427,429,156,428],"class_list":["post-16448","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","category-hosting","category-wordpress-news-learning","tag-cve-2025-5947","tag-service-finder-bookings-plugin","tag-wordpress-exploit","tag-wordpress-security","tag-wordpress-vulnerability"],"_links":{"self":[{"href":"https:\/\/www.quape.com\/vi\/wp-json\/wp\/v2\/posts\/16448","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.quape.com\/vi\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.quape.com\/vi\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.quape.com\/vi\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.quape.com\/vi\/wp-json\/wp\/v2\/comments?post=16448"}],"version-history":[{"count":0,"href":"https:\/\/www.quape.com\/vi\/wp-json\/wp\/v2\/posts\/16448\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.quape.com\/vi\/wp-json\/wp\/v2\/media\/16460"}],"wp:attachment":[{"href":"https:\/\/www.quape.com\/vi\/wp-json\/wp\/v2\/media?parent=16448"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.quape.com\/vi\/wp-json\/wp\/v2\/categories?post=16448"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.quape.com\/vi\/wp-json\/wp\/v2\/tags?post=16448"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}